People use computers and computer networks to store and transmit an increasingly wide variety of information, ranging from highly sensitive medical information to photos of sporting events to corporate financial reports. Such information can vary widely not only in its content and form, but also in the extent to which its creators and owners wish to share it with others. Due to the inherent ability of computers to copy digital data quickly, easily, and with perfect accuracy, and the inherent ability of computer networks to transmit digital data to a nearly limitless number of people instantly and worldwide, in many cases the mere act of posting information on the Internet, or even of storing information on a personal computer, makes that information quickly and easily available to a larger number and wider variety of people than the poster desires. Information availability, in other words, remains largely an “all-or-nothing” proposition on the Internet.
Although various systems exist for enabling the creators and owners of digital data to exert control over the extent to which such data are made available to others, such systems have a variety of shortcomings. For example, online social networking systems, such as Facebook, enable each of their members to designate certain other people as being “within” their online social network. Once a person has designated such a group of “friends” (in Facebook parlance), the person can make certain information available through the online social networking system only to friends and not to non-friends. Although such a system represents an improvement over a true all-or-nothing system of content access control, it still has a variety of drawbacks. One such drawback is that the mere binary distinction between friends and non-friends does not enable finer-grained distinctions to be implemented by the system. This can cause significant problems when, as is commonly the case, a person allows relatively unknown acquaintances into his or her circle of friends, thereby potentially nullifying the access control-related benefits of the system.
What is needed, therefore, are improved techniques for providing people with control over access to their digital resources.